package org.kernely.security.service;

import java.util.Set;

import org.kernely.security.persistence.Group;
import org.kernely.security.persistence.User;

/**
 * Provides security services.
 */
public interface KernelySecurityService {
	
	/**
	 * Gets the current authenticated user from session.
	 * Uses the database to retrieve "fresh" data.
	 * @return the current user.
	 */
	User getCurrentUser();
	
	/**
	 * Sets the id of the authenticated user in session.
	 * @param user The user to register.
	 */
	void setCurrentUser(User user);
	
	
	/**
	 * Verify that the user has one of the role list
	 * @param : the list of roles
	 * @return boolean : true if the user has one of these roles
	 */
	boolean currentUserHasOneOf(String ... rolesList);
	
	/**
	 * Verify that the user has one of the roles in the set.
	 * @param the set of roles
	 * @return boolean true if the user has one of these roles
	 */
	boolean currentUserHasOneOf(Set<String> rolesSet);
	
	/**
	 * Allows to grant a permission to a specific user
	 * @param user : the user which the permission will be granted
	 * @param authorizationString : the permission (i.e. "printer:query:lp006")
	 */
	void grantAuthorization(User user, String authorizationString);
	
	/**
	 * Allows to grant a permission to a specific user
	 * @param user : the user which the permission will be granted
	 * @param authorizationString : the permission (i.e. "printer:query:lp006")
	 */
	void grantAuthorization(Group group, String authorizationString);
	
	/**
	 * Remove a specific permission to a user.
	 * @param user : the user which the permission will be removed
	 * @param authorizationString : the permission (i.e. "printer:query:lp006")
	 */
	void ungrantAuthorization(User user, String authorizationString);


	/**
	 * Remove a specific permission to a group.
	 * @param group: the user which the permission will be removed
	 * @param authorizationString: the permission (i.e. "printer:query:lp006")
	 */
	void ungrantAuthorization(Group group, String authorizationString);

	/**
	 * Verify that the user has the specified permission
	 * @param permission : the permission to check
	 * @return true if the user gets this permission, false otherwise.
	 */
	boolean currentUserHasPermission(String permission);
	
	/**
	 * Register a new role in the application.
	 * 
	 */
	void registerNewRole(String roleName);
	
	/**
	 * Register new roles in the application.
	 * 
	 */
	void registerNewRoles(Set<String> rolesNames);
}
